NSE8_810 Online Practice Questions and Answers

You must create a high Availability deployment with two FortiWebs in Amazon Services (AWS): each on

different Availability Zones(AZ) from the same region. At the same time, each FortiWeb should be able to

deliver content from the Web server of both of the AZs.

Which deployment would will this requirement?

A. Configure the FortiWebs Active-Active Ha mode and use AWS Router 53 load Router balance the internal Web servers.

B. Configure the FortiWebs in Active-Active HA mode and use AWS Elastic load Balancer (ELB) for the internal Web servers.

C. Use AWS Router 53 to load balance FortiWebs in standone mode and use AWS Virtual private Cloud (VPC) peering to load balance the internal Web servers.

D. Use AWS Elastic load Balancer (ELB) for both FortiWebs in standdone mode and the internal Web servers in an ELB sandwich.

Click the Exhibit button.

You log into FortiManager, look at the Device Manager window and notice that one of your managed devices is not in normal status.

Referring to the exhibit, which two statements correctly describe the affected device's status and result? (Choose two.)

A. The device configuration was changed on the local FoitiGate side only. auto-update is disabled.

B. The device configuration was changed on both the local FortiGate side and the FortiManager side, auto-update is disabled.

C. The changed configuration on the FortiGate wrt remain the next time that the device configuration is pushed from ForbManager.

D. The changed configuration on the FortiGate will be overwritten in favor of what is on the FortiMAnager the next time that the device configuration is pushed.

Click the Exhibit button.

The exhibit shows a full-mesh topology between FortiGates and FortiSwitches. To deploy this

configuration, two requirements must be met:

-20 Gbps full duplex connectivity is available between each FortiGate and the FortiSwitches

-The FortiGate HA must be in AP mode.

Referring to the exhibit, what are two actions that will fulfill the requirements? (Choose two.)

A. Configure both FortiSwitch as pears with ICL over cable E, create one MCLAG on ports connected to cables A and C, and create another MCLAG on ports connected to cables B and D.

B. Configure the master FortiGate with one and FortiLink split interface disable on ports connected to cables A and C and make sure the same ports are used for to cables B and D.

C. Configure both FortiSwitches as peers ISL over cable on create one MCLAG on ports connected cables A and C, and ceate another MCLAG on ports connected to cables B and D.

D. Configure the master FortiGate with one LAG and FortiLink split interface enables on ports connected to cable A and C make sure the ports are used for cables B and D on the slave.

You deploy a FortiGate device in a remote office based on the requirements shown below.

-- Due to company's security policy, management IP of your FortiGate is not allowed to access the Internet.

-- Apply Web Filtering, Antivirus, IPS and Application control to the protected subnet. -- Be managed by a

central FortiManager in the head office.

Which action will help to achieve the requirements?

A. Configure a default route and make sure that the FortiGate device can pmg to service fortiguard net.

B. Configure the FortiGuard override server and use the IP address of the FortiManager

C. Configure the FortiGuard override server and use the IP address of service, fortiguard net.

D. Configure FortiGate to use FortiGuard Filtering Port 8888.

Click the Exhibit button.

Your customer is using dynamic routing to exchange the default route between two FortiGates using OSPFv2. The output of the get router info ospf neighbor command shows that the neighbor is up, but the default route does not appear in the routing neighbor shown below:

According to the exhibit, what is causing the problem?

A. A prefix for the detail route is missing

B. OSPF requires the redistribution of connected networks.

C. There is an OSPF interface network-type mismatch.

D. FG2 is within the wrong OSPF area.

You configure an outgoing firewall policy with a web filter for accessing the internet. The access to URL https// itacm.co and web belonging to the same category should be blocked. You notice that the Web server presents a certificate with CN=www acme.com. The www.it.acme site is as '' information Technology and the www.acme.com site is categorized as ''Business".

Which statements is correct in this scenario?

A. Category "information Technology" needs to blocked, the FortiGate is able to inspection the URL with HTTPS sessions.

B. Category "Business" need a to be block: the certificate name takes precedence over the SNI.

C. SSL inspection must be configured to deep-inspection: the category "information Technology "needs to be blocked.

D. Category :information Technology" needs to be blocked, the SNI takes precedence over the certificate name.

You are asked to add a FortiDDoS to the network to combat detected slow connection attacks such as Slowloris.

Which prevention mode on FortiDDoS will protect you against this specific type of attack?

A. aggressive aging mode

B. rate limiting mode

C. blocking mode

D. asymmetric mode

Exhibit

When deploying a new FortiGate-VMX Security node, an administrator received the error message shown in the exhibit In this scenario, which statement is correct?

A. The vCenter was not able locate the FortiGate-VMX's OVF file.

B. The vCenter could not connect to the FortiGate Service Manager

C. The NSX Manager was not able to connect on the FortiGate Service Manager's RestAPI service.

D. The FortiGate Service Manager did not have the proper permission to register the FortiGate-VMX Service.

An organization has one central site And three remote sites. A FotiSIEM has been drafted on the central

site and now all devices across the remote sites need to be monitored by the FortiSlEM.

When action would reduce the WAN usage by the monitoring system?

A. Deploy a single Supervisor on the central site and enable WAN optimize on the WAN gateways.

B. Install local Collection remote site.

C. Disable monitoring on the remote sites during the day.

D. install a Supervisor and a Collector for each remote site.

Click the Exhibit button.

Referring to the exhibit, which two statements are true? (Choose two.)

A. port13 and port14 on FS448D-A should be connected to port13 and port14 on FS448D-B

B. LAG-1 and LAG 2 should be connected to a single 4-port 802 3ad interface on the FortiGate-A.

C. LAG-3 on switches on FS448D-A and FS448D-B may be connected to a single 802 3ad trunk on another device.

D. LAG-1 and LAG-2 should be connected to a 4-port single 802 3ad trunk on another device.